IEEE Access (Jan 2019)
An SDNFV-Based DDoS Defense Technology for Smart Cities
Abstract
A software defined networking (SDN)-enabled smart city is a new paradigm that can effectively improve the cost efficiency and flexibility of data management through data-control separation. However, it faces significant security threats such as distributed denial of service (DDoS) attacks which jeopardize the security and availability of data and services by overloading the system with excessive traffic from distributed sources. To improve the DDoS defense capability and enhance the security of data management in SDN-enabled smart cities, this paper proposes a DDoS attack Defense strategy based on Traffic Classification (DDTC). We use software defined network function virtualization (SDNFV) architecture and traffic classification strategy, to improve the flexibility and reduce the load of SDN against DDoS attacks. Experimental results show that the proposed DDTC can not only launch DDoS attacks detection quickly, but also accurately track the sources of DDoS attacks. More importantly, it can reduce the risk of attack on the controller of SDN and improve the effectiveness of the system.
Keywords